b7bc52d20b
Fix HTTP/SMB mixin order to restore SSL option
...
Mixin order matters. Mixins kinda suck.
2019-01-29 11:09:34 -06:00
24f807490f
revisionism
2019-01-10 19:19:14 +00:00
2f939481e7
Land #11206 , add coldfusion ckeditor file upload
2019-01-10 07:27:38 -06:00
b81f59e7b1
Fix targets and syntax changes
2019-01-10 06:39:45 -06:00
a63c057c3a
Integrate bcoles' comments (filename generation, conditional block improvement, etc.)
2019-01-06 22:50:46 +01:00
c03466d2f2
Fixed date format issue and added Bugtraq ID
2019-01-06 14:34:40 +01:00
4644ad8966
Add CVE-2018-15961 Adobe ColdFusion CKEditor unrestricted file upload
2019-01-06 04:55:20 +01:00
38bdee19e8
Fix TARGETURI support in struts2_namespace_ognl
2018-12-14 13:08:50 -06:00
b109321b44
Kill unless not
2018-12-11 10:16:16 -06:00
90b9204703
Update DisclosureDate to ISO 8601 in my modules
...
Basic msftidy fixer:
diff --git a/tools/dev/msftidy.rb b/tools/dev/msftidy.rb
index 9a21b9e398..e9ff2b21e5 100755
--- a/tools/dev/msftidy.rb
+++ b/tools/dev/msftidy.rb
@@ -442,6 +442,8 @@ class Msftidy
# Check disclosure date format
if @source =~ /["']DisclosureDate["'].*\=\>[\x0d\x20]*['\"](.+?)['\"]/
d = $1 #Captured date
+ File.write(@full_filepath, @source.sub(d, Date.parse(d).to_s))
+ fixed('Probably updated traditional DisclosureDate to ISO 8601')
# Flag if overall format is wrong
if d =~ /^... (?:\d{1,2},? )?\d{4}$/
# Flag if month format is wrong
2018-11-16 12:18:28 -06:00
795aa3c99c
Land #10828 , git submodule url exec CVE-2018-17456
2018-11-14 12:39:13 -06:00
798d3156bc
Print git command for module
2018-11-14 10:57:36 -06:00
5e85683228
removed to_s from string
2018-11-13 15:28:55 -06:00
ac8932c144
update 9631 to a current branch
2018-11-13 15:15:25 -06:00
da134f06e3
Updated check method
...
Fixed check method and redundant variable declarations
2018-11-13 16:01:40 -05:00
caf76a6555
Add applicable notes to my exploit modules
2018-10-27 20:54:14 -04:00
b3d45586db
feedback from code review
2018-10-18 12:30:46 +08:00
64e257649f
cleanup module
2018-10-18 11:45:59 +08:00
290d4428c1
create git mixin
2018-10-18 11:31:31 +08:00
063e477ff2
git submodule url exec (CVE-2018-17456)
2018-10-18 11:02:28 +08:00
5b14d94957
Land #10671 , struts2_namespace_ognl updates
...
There are still some outstanding concerns, but I want to unblock this.
2018-10-12 11:08:33 -05:00
2989507b85
Copy check for data_header to avoid crash
...
Variable was used but out of scope.
2018-10-12 11:06:26 -05:00
1da99c8bd1
Fixed syntax errors
...
Corrected redundant returns and indentation errors
2018-10-11 10:01:47 -04:00
86f7c270c6
Fixed stylistic and syntax errors
2018-10-11 09:19:35 -04:00
0f3917f540
Fixed syntax errors
2018-10-10 13:26:49 -04:00
26482ee6d6
Fixed EOL spaces
2018-10-09 18:30:41 -04:00
9c9cd33c34
Fixed syntax errors and inconsistencies
2018-10-09 17:45:02 -04:00
8b955f8ec5
Land #10704 , Navigate CMS Unauthenticated RCE
2018-10-04 06:44:21 -05:00
97729727d8
Minor modifications
2018-10-02 06:57:04 -05:00
6f5a8f8f42
Fix outdated metadata
2018-10-01 18:59:09 +01:00
e4256f4595
Make ENABLE_STATIC an OptBool, as I should have done in the first place
2018-09-27 17:54:22 -05:00
342cfe4199
Refactor again
2018-09-27 12:38:05 +02:00
82b1f40925
Add cleanup code
2018-09-27 11:17:53 +02:00
2b86297138
Refactor
2018-09-27 11:16:54 +02:00
f55483d17d
Fix incorrect session_id extraction
2018-09-27 11:07:43 +02:00
f882c3aec2
Add Navigate CMS Unauthenticated Remote Code Execution
2018-09-26 21:39:15 +02:00
fd8ad6f4d8
struts2_namespace_ognl: Added verbose messages for errors with Tomcat >= 7.0.88
2018-09-18 15:26:28 -05:00
4933f47ac5
struts2_namespace_ognl: Remove debugging code
2018-09-18 14:46:41 -05:00
a9e6257891
struts2_namespace_ognl multishot OGNL payloads for Windows Meterpreter support
2018-09-18 14:27:47 -05:00
6126a627cc
Land #10570 , AKA Metadata Refactor
2018-09-17 22:29:20 -05:00
011c25ed59
Merge changes from master (ghostscript)
2018-09-17 13:57:28 -05:00
4c036e70c1
Fix http://seclists.org links to https://
...
I have no idea how this happened in my own code. I was seeing https://.
2018-09-15 18:54:45 -05:00
718aaca0f4
Land #10546 , Add Apache Struts exploit: CVE-2018-11776
2018-09-07 14:54:23 -05:00
bd50e00ccc
Make some small changes:
...
Changes made:
* DisclosureDate
* Privileged to false
* Remove gsub for ';'
* Set cmd/unix/generic as the default payload for ARCH_CMD (linux)
2018-09-07 14:48:33 -05:00
99ca6cef49
Quote-block cleanup and improved error handling
2018-09-07 11:43:04 -05:00
3671f8f6b0
Handling for Tomcat namespace issues, 'allowStaticMethodAccess' settings, and payload output
...
Depending on the configuration of the Tomcat server, `allowStaticMethodAccess` may already be set. We now try to detect this as part of `profile_target`. But that check might fail. If so, we'll try our best and let the user control whether we prepend OGNL to enable `allowStaticMethodAccess` via the 'ENABLE_OGNL' option.
Additionally, sometimes enabling `allowStaticMethodAccess` will cause the OGNL query to fail.
Additionally additionally, some Tomcat configurations won't provide output from the payload. We'll detect that the payload ran successfully, but tell the user there was no output.
2018-09-06 17:56:42 -05:00
7eb06b4592
Address travis errors: Updated metadata and target OS logic
2018-09-06 12:43:56 -05:00
cb16f812ec
struts2_namespace_ognl updates from code review
...
Thanks to @wvu, @firefart, and @wchen!
2018-09-06 11:50:57 -05:00
eb17d9b198
Refactor AKA references for modules
2018-08-31 16:56:05 -05:00
8fe8bf62e3
Renamed to match existing struts2_content_type_ognl and improved comments
2018-08-31 13:48:22 -05:00
William Vu